Lucene search

20042 matches found

NVD
added 2025/10/18 7:15 a.m., 5 views

CVE-2025-11270

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute in all versions up to, and including, 5.7.1 due to insufficient input sanitization and output escaping. This makes it possib...

CVSS 6.4, EPSS 0.00231
Exploits 0, References 2
Vulnrichment
added 2025/10/18 6:42 a.m., 2 views

CVE-2025-11270 Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 5.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute in all versions up to, and including, 5.7.1 due to insufficient input sanitization and output escaping. This makes it possib...

CVSS 6.4, AI score 4.5, EPSS 0.00231
Exploits 0, References 2
CVE
added 2025/10/18 6:42 a.m., 20 views

CVE-2025-10006

CVE-2025-10006 affects WPBakery Page Builder for WordPress (

CVSS 6.4, AI score 4.6, EPSS 0.00212
Exploits 0, References 2, Affected Software 1
Cvelist
added 2025/10/17 8:29 p.m., 8 views

CVE-2025-62508 Citizen vulnerable to stored XSS in sticky header button messages

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen versions from 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in the sticky header button message handling. In stickyHeader.js the copyButtonAttributes function assigns innerHTML from a source element’s...

CVSS 6.5, EPSS 0.00409
Exploits 0, References 3
RedhatCVE
added 2025/10/17 5:29 a.m., 7 views

CVE-2025-11814

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 3.21.1 exclusive due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

CVSS 6.4, AI score 5.2, EPSS 0.00269
Exploits 0, References 1
OSV
added 2025/10/16 6:33 p.m., 4 views

CVE-2025-62414 bagisto - Cross Site Scripting (XSS) in Create New Customer

Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the “Create New Customer” feature in the admin panel is vulnerable to Cross-Site Scripting XSS. An attacker with access to the admin create-customer form can inject malicious JavaScript payloads into certain input fields...

CVSS 6.9, AI score 6.3, EPSS 0.00255
Exploits 1, References 3
NVD
added 2025/10/15 9:15 a.m., 16 views

CVE-2025-10133

The URLYar URL Shortner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'urlyarshortlink' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, EPSS 0.00214
Exploits 0, References 2
Cvelist
added 2025/10/15 8:26 a.m., 6 views

CVE-2025-10194 Shortcode Button <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Shortcode Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4, EPSS 0.00265
Exploits 0, References 3
EUVD
added 2025/10/15 8:26 a.m., 2 views

EUVD-2025-34536

The Shortcode Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4, AI score 4.7, EPSS 0.00265
Exploits 0, References 4
Cvelist
added 2025/10/15 8:25 a.m., 4 views

CVE-2025-10140 Quick Social Login <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Quick Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quick-login' shortcode in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, EPSS 0.00265
Exploits 0, References 3
EUVD
added 2025/10/15 8:25 a.m., 4 views

EUVD-2025-34552

The WP ViewSTL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'viewstl' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

CVSS 6.4, AI score 4.7, EPSS 0.00214
Exploits 0, References 3
Vulnrichment
added 2025/10/15 8:25 a.m., 1 view

CVE-2025-10139 WP BookWidgets <= 0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP BookWidgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bwlink' shortcode in all versions up to, and including, 0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4, AI score 4.7, EPSS 0.00276
Exploits 0, References 3
OSV
added 2025/10/15 7:15 a.m., 4 views

CVE-2025-11160

The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS module in all versions up to, and including, 8.6.1. This is due to insufficient input sanitization and output escaping of user-supplied JavaScript code in the Custom JS module. This makes...

CVSS 5.4, AI score 6
Exploits 0, References 2
EUVD
added 2025/10/15 6:31 a.m., 3 views

EUVD-2025-34511

The Ova Advent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

CVSS 6.4, AI score 4.7, EPSS 0.00211
Exploits 0, References 4
Cvelist
added 2025/10/15 5:23 a.m., 6 views

CVE-2025-8561 Ova Advent <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Ova Advent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

CVSS 6.4, EPSS 0.00211
Exploits 0, References 3
OSV
added 2025/10/14 2:54 p.m., 3 views

CVE-2025-54889 A user with elevated privileges can inject XSS in the SNMP traps manufacturer configuration page

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Centreon Infra Monitoring SNMP traps manufacturer configuration modules allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13...

CVSS 6.8, AI score 5.3, EPSS 0.00235
Exploits 0, References 4
Positive Technologies
added 2025/10/14 12:0 a.m., 6 views

PT-2025-41932

Name of the Vulnerable Software and Affected Versions: Centreon Infra Monitoring versions 23.10.0 through 23.10.28; Centreon Infra Monitoring versions 24.04.0 through 24.04.18; Centreon Infra Monitoring versions 24.10.0 through 24.10.13. Description: The software contains a flaw related to improper...

CVSS 6.8, AI score 6.2, EPSS 0.00235
Exploits 0, References 3
CNNVD
added 2025/10/14 12:0 a.m., 3 views

Apache Geode security vulnerability

Apache Geode is a U.S.-based Apache Foundation suite of management platforms used in distributed cloud architectures to provide real-time and consistent access to data for data-intensive applications. A security vulnerability exists in Apache Geode versions prior to 1.15.2 that originates from we...

CVSS 6.1, AI score 6.5, EPSS 0.00628
Exploits 0, References 2
NCSC
added 2025/10/13 8:31 a.m., 6 views

Vulnerabilities fixed in Juniper Networks Junos Space

Juniper has fixed vulnerabilities in Junos Space, specifically for all versions prior to 24.1R4. The vulnerabilities are in the way Juniper Networks Junos Space processes user input. Attackers can inject malicious scripts into various pages, such as the Device Template Definition, Global Search, a...

CVSS 9.4, AI score 7.1, EPSS 0.00559
Exploits 0, References 1
CNVD
added 2025/10/13 12:0 a.m., 5 views

WordPress Epic Bootstrap Buttons plugin cross-site scripting vulnerability

WordPress Epic Bootstrap Buttons plugin is a plugin for quickly adding Bootstrap style buttons to your WordPress website. WordPress Epic Bootstrap Buttons plugin suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of icol parameters, whic...

CVSS 6.4, AI score 6.1, EPSS 0.00211
Exploits 0, References 1